Vulnerabilty threat in WPA2 protocol


Mathy Vanhoef and Frank Piessens detected a major vulnerability in the WPA2 protocol which secures all protected Wi-Fi networks.
This weakness can be exploited by attackers to steal sensitive information like passwords or credit card numbers.
By performing a novel type of attack against the 4-way handshake of the WPA2 protocol, Mathy found a way to get around the security offered by the WPA2 protocol. Whenever someone joins a Wi-Fi network, a 4-way handshake is executed to produce a fresh encryption key for all subsequent traffic. To guarantee security, a key should be installed and used only once. But by using the key reinstallation attack (KRACK), an attacker can trick a victim into reinstalling an already-in-use key allowing him to steal sensitive information or even, depending on the network configuration, inject malware into a website.